How To Connect To Your DigitalOcean Droplet with SSH

Introduction

If you have recently created a DigitalOcean Droplet, and you are new to working with Linux servers, you will need to learn how to use SSH to connect to and manage it. SSH, which stands for Secure Shell, is an encrypted network protocol that is used to for, among other things, remote server login and command execution. It is the standard method used for accessing and interacting with Linux servers.

This quick tutorial will show you how to connect to your new Linux cloud server for the first time, by logging into it using an SSH client.

Prerequisites

The prerequisites section describes everything that you need know about to follow this tutorial. Of course, you will need to have created a new Droplet through the DigitalOcean Control Panel.

Server Information and Login Credentials

In order to connect to a remote Linux server via SSH, you must have following:

User name: The remote user to log in as. The default admin user, or Superuser, on most Linux servers is root

Password and/or SSH Key: The password that is used to authenticate the user that you are logging in as. If you added a public SSH key to your droplet when you created it, you must have the private SSH key of the key pair (and passphrase, if it has one)

If you did not add an SSH key to your Droplet when you created it, you should have received an email from DigitalOcean with the aforementioned connection information and credentials. The emailed password is temporary, and must be changed after the first login.

SSH Client Software

There are a variety of SSH clients that you can use to connect to a Linux server. We will cover the following two:

OpenSSH(Linux and Mac OS X): A collection of software that ships with most Unix-like operating systems that includes the ssh command

PuTTY(Windows): A free SSH client that can run on Windows, and is available for download on the PuTTY Download Page. putty.exe is the SSH client, and puttygen.exe should also be downloaded if you want to use SSH keys.

SSH Login as Root

Now that you have all of the required information and software, you are now ready to log in to your server for the first time. Make sure to only follow the instructions that are relevant to your SSH client.

Option 1: OpenSSH (Linux and Mac OS X)

The OpenSSH ssh client is a command-line tool, so open a Terminal window to get started.

Step 1—Initiate the Connection

At the command prompt, enter the following command to attempt to connect to your server as the rootuser (subsitute the highlight word with your server’s IP address):

ssh root@SERVER_IP_ADDRESS

For example, if the server IP address was 123.234.123.234, the command would look like this: ssh root@123.234.123.234.

The first time you attempt to connect to your server, you will likely see a warning that looks like this:

The authenticity of host '123.123.123.123 (123.123.123.123)' can't be established.
ECDSA key fingerprint is
79:95:46:1a:ab:37:11:8e:86:54:36:38:bb:3c:fa:c0.
Are you sure you want to continue connecting (yes/no)?

Go ahead and type yes to continue to connect. Here, your computer is telling you that the remote server is not recognized. Since this is your first time connecting, this is completely expected. Skip to step 2, Authentication.

If you happened to destroy a droplet directly prior to creating the one that you are connecting to, you may see a warning like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
...

If this is the case, your new droplet probably has the same IP address as the old, destroyed droplet, but a different host SSH key. This is fine, and you can remove the warning, by deleting the old droplet’s host key from your system, by running this command:

ssh-keygen -R SERVER_IP_ADDRESS

Now try connecting to your server again.

Step 2—Authenticate

The authentication step involves providing a password and/or a private SSH key to prove that you are authorized to log in as root.

If you added an SSH key to your Droplet, and you have the private key installed on your computer, OpenSSH will attempt to use the key to authenticate to the root account. If you used a key with a passphrase, you will need to provide the passphrase to complete the login process. At this point, if you are unable to log in, you may need to start your ssh-agent and add your SSH keys to it with the following command (assuming your key is called “id_rsa”), then go back to Step 1:

eval `ssh-agent -s`
ssh-add ~/.ssh/id_rsa

If you did not add an SSH key to your Droplet, you will be prompted for the temporary password, and you will also be required to change it. Follow these steps to complete the login process:

Copy the temporary password from the email, and paste it into the password prompt

At the (current) UNIX password prompt, paste in the temporary password again

At the Enter new UNIX password prompt, enter a strong password

At the Retype new UNIX password prompt, enter the same strong password that you just entered

Don’t forget the new password that you set.

You’re now logged in! Skip to the Where To Go From Here? section of this tutorial to read about what your next steps with your server should be.

Option 2: PuTTY (Windows)

Run putty.exe by double-clicking on it, which will start the program and take you to the configuration screen.

Note: These steps do not cover using SSH keys with PuTTY. If you need to use SSH keys with PuTTY, use PuTTYgen to generate and load keys. A tutorial on this subject can be found here: How To Use SSH Keys with PuTTY.

Step 1—Configure the Connection

To properly configure the the SSH connection in putty, ensure that the following settings are set:

Host Name (or IP address): Enter your server’s IP address here

Port: 22 (default)

Connection Type: SSH (default)

You may now name and save this particular connection for future use by typing a name in the “Saved Sessions” field, and clicking “save”.

Step 2—Initiate the Connection

To initiate the connection, double-click on the session name, and accept the security alert (this will only appear the first time you connect to a server).

Step 3—Authenticate

The authentication step involves providing the login credentials, the user name and temporary password, to connect to the server. Following the initial connection, you will be required to change the password.

Follow these steps to complete the login process:

At the login as prompt, enter root

At the Password prompt, enter the password that was emailed to you (copy and paste it)

At the (current) UNIX password prompt, paste in the temporary password again

At the Enter new UNIX password prompt, enter a strong password

At the Retype new UNIX password prompt, enter the same strong password that you just entered

Don’t forget the new password that you set.

Where To Go From Here?

Congratulations! You are logged in to your server over SSH!

The next steps are to set up some basic security measures to protect your server from being compromised. These steps are covered in these distribution-specific tutorials: